Home > Vulnerability Database > WS-2023-0225

Mend.io Vulnerability Database

WS-2023-0225

Good to know:

Date: June 27, 2023

nuxt-api-party allows developers to easily hook up APIs. You can configure API URLs and Credentials to be sent on requests. It is suggested in the documentation that this plugin is capable of handling sensitive data. There is a design flaw that could allow an attacker to extract private API keys. As a result, sensitive data will be leaked to the attacker site.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (2)

Url: https://github.com/johannschopplich/nuxt-api-party/commit/481872f4a2d35dbda9f2824c8db62b80dc4f8c4f

Url: https://www.mend.io/vulnerability-database/WS-2023-0225

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version nuxt-api-party - 0.13.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0225

Good to know:

Date: June 27, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?